Lucene search

2026 matches found

CVE
added 2024/10/18 11:6 p.m. · 62 views

CVE-2024-29213

CVE-2024-29213 affects Ivanti Desktop and Server Management (Ivanti DSM) and leverages an insecure ACL to allow an authenticated local user to execute code with elevated privileges. The advisory and multiple feeds confirm the vulnerability exists in DSM versions prior to 2024.2, with a CVSS v3 ba...

7.8 CVSS · 6.8 AI score · 0.00226 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Vulnrichment
added 2024/10/18 11:6 p.m. · 14 views

CVE-2024-29821

Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...

7.8 CVSS · 7.5 AI score · 0.00226 EPSS
Exploits: 0 · References: 1
Positive Technologies
added 2024/10/16 12:0 a.m. · 3 views

PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986
Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...

4.3 CVSS · 7 AI score · 0.00403 EPSS
Exploits: 0 · References: 10
CVE
added 2024/10/15 10:46 p.m. · 80 views

CVE-2024-38190

CVE-2024-38190 concerns a missing authorization vulnerability in Microsoft Power Platform (and associated components like Dataverse) that allows an unauthenticated attacker to view sensitive information over a network vector. The provided metrics assign a CVSS3.1 base score of 8.6 (HIGH) with net...

8.6 CVSS · 8.4 AI score · 0.01076 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Microsoft CVE
added 2024/10/15 7:0 a.m. · 20 views

Power Platform Information Disclosure Vulnerability

Missing authorization in Power Platform allows an unauthenticated attacker to view sensitive information through a network attack vector...

8.6 CVSS · 6.7 AI score · 0.01076 EPSS
Exploits: 0
Positive Technologies
added 2024/10/15 12:0 a.m. · 2 views

PT-2024-31653 · Apache · Apache Cloudstack

Name of the Vulnerable Software and Affected Versions: Apache CloudStack versions 4.15.1.0 through 4.18.2.3; Apache CloudStack versions 4.19.0.0 through 4.19.1.1
Description: The logout operation in the CloudStack web interface does not expire the user session completely, which remains valid until...

7.1 CVSS · 7.4 AI score · 0.00393 EPSS
Exploits: 0 · References: 13
CNNVD
added 2024/10/15 12:0 a.m. · 0 views

Oracle MySQL security vulnerability

Oracle MySQL is an open source relational database management system from Oracle Corporation. MySQL Connectors is one of the drivers for connecting applications that use MySQL. A security vulnerability exists in MySQL Connectors for Oracle MySQL, which can be exploited by an attacker to update,...

6.5 CVSS · 6.1 AI score · 0.00547 EPSS
Exploits: 1 · References: 3
Veracode
added 2024/10/10 12:43 p.m. · 2 views

Information Exposure

github.com/opentofu/opentofu is vulnerable to Information Exposure. The vulnerability is due to the static evaluation of module sources, versions and backend configurations. An attacker can expose sensitive variables and locals...

6.9 AI score
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2024/10/09 5:15 p.m. · 16 views

CVE-2024-43610

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector...

7.5 CVSS · 0.00976 EPSS
Exploits: 0 · References: 1
CVE
added 2024/10/09 4:26 p.m. · 63 views

CVE-2024-43610

CVE-2024-43610 concerns an information disclosure in Microsoft Copilot Studio. The connected PT-2024-7988 entry identifies Copilot Studio as the affected software and states that the vulnerability involves exposure of sensitive information to unauthorized actors via a network attack vector, explo...

7.5 CVSS · 7.2 AI score · 0.00976 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
NVD
added 2024/10/08 6:15 p.m. · 23 views

CVE-2024-43488

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector...

9.8 CVSS · 0.01132 EPSS
Exploits: 0 · References: 1
CVE
added 2024/10/08 5:36 p.m. · 105 views

CVE-2024-43488

CVE-2024-43488 affects the Visual Studio Code extension for Arduino. The vulnerability is a missing authentication in a critical function, enabling remote code execution over a network attack vector. Impact per sources is arbitrary code execution with high/critical severity. Affected component is...

9.8 CVSS · 9.8 AI score · 0.01132 EPSS
Exploits: 0 · References: 1 · Affected Software: 1
Microsoft CVE
added 2024/10/08 7:0 a.m. · 15 views

Copilot Studio Information Disclosure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector...

7.5 CVSS · 6.5 AI score · 0.00976 EPSS
Exploits: 0
Microsoft CVE
added 2024/10/08 7:0 a.m. · 26 views

Visual Studio Code extension for Arduino Remote Code Execution Vulnerability

Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through a network attack vector...

9.8 CVSS · 8.8 AI score · 0.01132 EPSS
Exploits: 0
Snyk
added 2024/10/01 3:42 p.m. · 2 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) through the version control feature due to improper user input sanitization. An attacker can manipulate the output of the page by injecting malicious scripts through a malformed URL.
Details: Cross-site scripting...

7.1 CVSS · 5.3 AI score · 0.00394 EPSS
Exploits: 0 · References: 2
OSV
added 2024/09/27 11:9 a.m. · 4 views

OESA-2024-2188 uboot-tools security update

This package includes the mkimage program, which allows generation of U-Boot images in various formats, and the fw_printenv and fw_setenv programs to read and modify U-Boot's environment.
Security Fixes: There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound t...

7.7 CVSS · 6.6 AI score · 0.0058 EPSS
Exploits: 1 · References: 2
RedHat Linux
added 2024/09/19 11:46 a.m. · 3 views

pcp: pmcd heap corruption through metric pmstore operations

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

5.5 CVSS · 7.3 AI score · 0.00259 EPSS
Exploits: 0 · References: 4
OSV
added 2024/09/19 9:15 a.m. · 5 views

AZL-49656 CVE-2024-45769 affecting package pcp 5.1.1-3

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

5.5 CVSS · 7.3 AI score · 0.00259 EPSS
Exploits: 0 · References: 1
BDU FSTEC
added 2024/09/12 12:0 a.m. · 1 views

The vulnerability of Microsoft Publisher software lies in its data protection mechanisms being breached, allowing attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Publisher software is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

7.3 CVSS · 5.8 AI score · 0.02667 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2024/09/10 12:0 a.m. · 3 views

VICIdial security vulnerability

VICIdial is a software suite from VICIdial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. A security vulnerability exists in VICIdial. An attacker can exploit this vulnerability to execu...

8.8 CVSS · 9.3 AI score · 0.75384 EPSS
Exploits: 7 · References: 3